Bill Jonas on Sun, 4 Nov 2001 20:50:27 +0100
On Fri, Nov 02, 2001 at 09:25:24AM -0500, gabriel rosenkoetter wrote:
> privileges (just run that one program) or to write a known-safe
> suid wrapper (written in C or another compiled language) for this
> binary.

I'll share something that mct helped me with. I forget why I wrote this; I think that I was going to write a masquerading identd or some such nonsense in Perl but didn't want to give it root privileges to read the IPNat tables (on OpenBSD).

Anyway, here's the C program:

    #include <stdio.h>
    #include <stdlib.h>   /* exit() */
    #include <unistd.h>

    int main (void)
    {
        /* Become root for both the real and effective IDs */
        setuid(0);
        seteuid(0);
        setgid(0);
        setegid(0);
        /* Replace this process with ipfstat; execl returns only on failure */
        execl("/sbin/ipfstat", "ipfstat", "-s", (char *)0);
        perror("Exec failed");
        exit(1);
    }

Notice on the execl line that the command is repeated; once for the path to the program, and I believe the second time is for its zeroth argument, ie, what will show up in the process table. This is followed by the program's arguments, one at a time, enclosed in double quotes and separated by commas.

Your call to execl might look something like 'execl("/usr/local/bin/chronyc", "chronyc", (char *)0);'. I'm not sure how to pass things in on stdin, but command-line options would be like above (ie, 'execl("/usr/local/bin/chronyc", "chronyc", "--password", "blablabla", "online", (char *)0);' if that would work).

You'd want to set the resulting binary to ownership by root.somegroup, add the users you wish to be able to run it to somegroup, and set it to mode 4110. If you don't want to do the group-permissions thing, you could add UID checking to an if statement wrapping the call to execl.

Now, I'm sure that gr will poke holes in this ;) (actually, I wouldn't mind some constructive criticism; I'm not yet a C programmer but aspire to be and haven't yet gotten around to it), but it seemed to work okay. I never did get around to the project that this was created for.

-- 
Bill Jonas * bill@billjonas.com * http://www.billjonas.com/
Developer/SysAdmin for hire! See http://www.billjonas.com/resume.html

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
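
A variant of the wrapper in the message above that adds the real-UID check the post mentions, checks the return value of each ID change, and hands the child a fixed environment instead of the caller's. This is an added example, not part of the original message; the allowed UIDs and the PATH value are assumptions (constructed sample values).

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: real UIDs permitted to run the wrapper (constructed sample values). */
static const uid_t ALLOWED_UIDS[] = { 1000, 1001 };
#define N_ALLOWED (sizeof ALLOWED_UIDS / sizeof ALLOWED_UIDS[0])

/* Fixed environment for the child (assumed PATH); nothing set by the caller,
 * such as PATH, IFS or LD_* variables, reaches the privileged program. */
static char *const CLEAN_ENV[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

/* Return 1 if uid appears in list, 0 otherwise. */
int uid_allowed(uid_t uid, const uid_t *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == uid)
            return 1;
    return 0;
}

/* Take root group and user IDs, checking every call; 0 on success, -1 on failure. */
int become_root(void)
{
    if (setgid(0) != 0 || setuid(0) != 0)
        return -1;
    return (getuid() == 0 && getgid() == 0) ? 0 : -1;
}

int main(void)
{
    /* getuid() is the real UID: the invoking user, not the owner of the file. */
    if (!uid_allowed(getuid(), ALLOWED_UIDS, N_ALLOWED)) {
        fprintf(stderr, "not permitted\n");
        return 1;
    }
    if (become_root() != 0) {
        perror("could not become root");
        return 1;
    }
    /* Same command as in the post; execle passes only CLEAN_ENV to the child. */
    execle("/sbin/ipfstat", "ipfstat", "-s", (char *)0, CLEAN_ENV);
    perror("Exec failed");
    return 1;
}
```

The check must use the real UID, because in a setuid-root binary the effective UID is already 0 for every caller.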